3da0912ad229c82c1ad19b62750d0ebe54dabb18fe9d323044dd7f99b1bd4064

Sharing

Copy URL

Twitter E-mail

General

Target

3da0912ad229c82c1ad19b62750d0ebe54dabb18fe9d323044dd7f99b1bd4064
Size

132KB
MD5

72a61d1532efe7e0eef09a774093eaf5
SHA1

bf1f8a911eb29d1d06952ec4287e8066ef5272e1
SHA256

3da0912ad229c82c1ad19b62750d0ebe54dabb18fe9d323044dd7f99b1bd4064
SHA512

c47247637fef836dcc22b98141e9e82d10e0db853e8bfea4c5738e6593bcde5c359e6515f51a643fecb36e0523b54dee8b89749d6929f075439d5dbea2029b59
SSDEEP

3072:/E3C0Y72b35xzjmuuZ5nyQm/9JkcAHsi9s:/E3CJ72nzjBuZm/McM9s

Score

N/A

Malware Config

Signatures

Files

3da0912ad229c82c1ad19b62750d0ebe54dabb18fe9d323044dd7f99b1bd4064
.dll windows x86

327f6894ed8d99fe5ae6a1004170c71a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

udp_p2p

initWSAFuncTable
WYWSACleanup
WYWSAStartup
WYbind
WYclosesocket
WYrecvfrom
WYsendto

mfc42

ord800
ord924
ord535
ord858
ord4129
ord5683
ord2818
ord540
ord823
ord3663
ord5440
ord6383
ord5450
ord6394
ord860
ord5710
ord922
ord537
ord2820
ord3811
ord2764
ord825

msvcrt

fclose
__CxxFrameHandler
fprintf
longjmp
fopen
_strnicmp
strchr
strncmp
_adjust_fdiv
malloc
_initterm
free
_onexit
__dllonexit
_mbsnbcat
_mbsnbcpy
_mbsupr
_mbscmp
printf
_setjmp3
strrchr
_beginthread
strncpy
time
sprintf
memmove
_stricmp
strstr

kernel32

GetLastError
IsBadWritePtr
OpenMutexA
OpenEventA
CreateMutexA
CreateEventA
ReleaseMutex
SetEvent
GetCurrentThreadId
UnmapViewOfFile
CloseHandle
FlushViewOfFile
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
GetCurrentProcess
GetCommandLineA
WaitForSingleObject
CopyFileA
VirtualProtectEx
WriteProcessMemory
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetProcAddress
VirtualProtect
GetTickCount
GetModuleHandleA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
Sleep
LoadLibraryA
IsBadReadPtr

user32

wsprintfA

wsock32

recv
htonl
ioctlsocket
bind
inet_ntoa
select
__WSAFDIsSet
accept
closesocket
send
socket
inet_addr
WSAGetLastError
getsockname
getsockopt
getpeername
htons
listen

vsipc

IPCUN38
IPCUN6
IPCUN12
IPCUN26
IPCUN20
IPCUN15
getRoomUserByIP

vsmsghelper

VSMsgHelperFn1

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

327f6894ed8d99fe5ae6a1004170c71a

Headers

File Characteristics

Imports

udp_p2p

mfc42

msvcrt

kernel32

user32

wsock32

vsipc

vsmsghelper

version

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 16KB - Virtual size: 22KB

.rsrc Size: 4KB - Virtual size: 976B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 16KB - Virtual size: 22KB

.rsrc
Size: 4KB - Virtual size: 976B

.reloc
Size: 12KB - Virtual size: 11KB